US9218478B2 - Microcomputer, middleware, and operating method for the same - Google Patents
Microcomputer, middleware, and operating method for the same Download PDFInfo
- Publication number
- US9218478B2 US9218478B2 US14/097,441 US201314097441A US9218478B2 US 9218478 B2 US9218478 B2 US 9218478B2 US 201314097441 A US201314097441 A US 201314097441A US 9218478 B2 US9218478 B2 US 9218478B2
- Authority
- US
- United States
- Prior art keywords
- register
- authentication
- data
- function
- initialization
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related, expires
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/629—Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
Definitions
- the present invention relates to a microcomputer, middleware, and an operating method for the same.
- a CPU Central Processing Unit
- ROM Read-only Memory
- the microcomputer includes CPUs, RAMs (Random Access Memory), and input-output units (I/O) and further includes several hardware modules.
- Various functions or functional capabilities are provided in the microcomputer, whereby the user of the microcomputer realizes the desired processing with use of these functional capabilities.
- the application program developed by the user calls and executes a variables-involved function or subroutine (hereinafter merely referred to as “function”) which realizes the desired functional capabilities, thereby utilizing the desired functional capabilities.
- OS Operating System
- the vendor Under the development environment, the vendor often limits the functional capabilities of the microcomputer in such a manner that part of the functional capabilities of the microcomputer are unable to be utilized and supplies library including the aforementioned functions and the evaluation microcomputer chip to the user. For example, the vendor limits the functional capabilities in such a manner that the functions in part of the library are unable to be utilized. Then, under the evaluation environment in which the functional capabilities are limited, the user executes the application under development and evaluates the microcomputer and the library. Thereafter, when the user concludes licensing agreements with the vendor, the vendor releases the limitation on the functional capabilities to allow the user to utilize all the functional capabilities.
- the vendor supplies the library, in which the functional capabilities are limited, to the user, and supplies another library, in which the functional capabilities are not limited, to the user after the conclusion of licensing agreements
- the vendor are demanded to provide two types of library for the user, which causes an increase in types of library.
- the user replaces the library, in which the functional capabilities are limited, with the library, in which the functional capabilities are not limited.
- One aspect of the embodiment is a microcomputer comprising: a processing unit; a plurality of registers; and a storage medium configured to store hardware initialization data that includes an initial value and a register address in which the initial value is set, the processing unit being configured to perform a process including:
- FIG. 1 is a flowchart illustrating the processes from evaluation to mass production of a microcomputer of the embodiment.
- FIG. 2 is a configuration diagram of the microcomputer of the embodiment.
- FIG. 3 is a diagram illustrating the bootloader, the software, and the data of the embodiment.
- FIG. 4 is a diagram illustrating the example of the configuration of the application program 121 of the embodiment.
- FIG. 5 is a diagram illustrating the example of the configuration of the middleware of the embodiment.
- FIG. 6 is a flowchart illustrating the part of the processing of a user system.
- FIG. 7 is a flowchart illustrating the processing performed by the bootloader 11 .
- FIGS. 8A and 8B are diagrams illustrating the hardware register group and the hardware initialization processing.
- FIG. 9 is a flowchart of the processing of releasing the limitations on functional capabilities in the embodiment.
- FIG. 10 is a diagram to describe the evaluation environment of the microcomputer according to the embodiment.
- FIG. 11 is a diagram to describe the mass-produced chips of the microcomputer of the embodiment.
- FIG. 1 is a flowchart illustrating the processes from evaluation to mass production of a microcomputer of the embodiment.
- Steps S 1 and S 2 represent the evaluation stage of the microcomputer
- Steps S 3 , S 4 , and S 5 represent the stage leading to the mass production of the microcomputer.
- a vendor provides a user with library in which part of functional capabilities are limited (S 1 ).
- the library is middleware interposed between OS and applications.
- the library includes data for the middleware and the like.
- the microcomputer includes a CPU and storage media such as a ROM and a RAM and stores the OS, the middleware, application programs (hereinafter simply referred to as “application”), and data in the storage media, and allows the CPU to execute the application, thereby realizing desired processing with the use of various functional capabilities.
- application calls functions corresponding to various functional capabilities in the middleware, whereby the functions to be called are executed so as to realize the corresponding functional capabilities.
- the middleware (library) in which part of functional capabilities are limited means middleware in a state where part of functions are not executable.
- the user develops the application under the evaluation environment and simultaneously evaluates the microcomputer and the library (S 2 ).
- a microcomputer to be evaluated is connected to a personal computer via an ICE (in-circuit emulator), and the aforementioned OS, the middleware, the application, and data under development are stored in a memory of the microcomputer to be evaluated in an executable format via the personal computer.
- the microcomputer to be evaluated executes the application, and the user monitors and evaluates the operation states of the microcomputer on the personal computer.
- the licensing agreement allows the user to obtain the library in which the functional capabilities to be licensed are available, and allows the microcomputer to use the functional capabilities to be licensed.
- the vendor provides the user with a password as authentication information (authentication data), which is aimed at allowing the user to use the library (S 4 ).
- the authentication information includes the address of an authentication register set in advance, out of a plurality of registers in the microcomputer and passwords (authentication data) which need to be initially set in the authentication register.
- a bootloader sets initial values in the plurality of registers in the microcomputer.
- the authentication register is arbitrarily selected by the vendor from the registers except the register in which the initial values are set. That is, the authentication register is arbitrarily selected from a sort of redundant registers in which the initial values are not set until the application is executed, or in which arbitrary data may be stored.
- the redundant register is a register which is not employed during the hardware initialization of the microcomputer.
- the user adds the password that is provided by the vendor as initial value data that will be set in the authentication register at the time of hardware initialization processing, thereby mass-producing the microcomputers (S 5 ).
- a functional capability limitation release unit in the microcomputer verifies whether the password (authentication data) set in the predetermined authentication register is correct. When the functional capability limitation release unit verifies that the password is correct, the functions to realize the functional capabilities are set in an executable state.
- the vendor in order to utilize the various functional capabilities of the microcomputer, it is demanded to obtain the authentication information to release the limitations on functional capabilities (address of authentication register and password (authentication data)), thereby putting the functions corresponding to the functional capabilities into the executable state.
- the vendor desires to limit a certain functional capability, the vendor does not provide the user with the address of the authentication register and the password (authentication data) to be set in the authentication register. Consequently, the user is unable to use the certain functional capability.
- the vendor provides the authentication information (address of authentication register and password (authentication data)) for only the user who concludes the licensing agreement with the vendor. Accordingly, the user can set the password in the authentication register in the microcomputer as the initial value based on the provided authentication information and can put the functions, which are limited to the microcomputer, in the executable state.
- the address of authentication register and its password corresponding to the various functional capabilities are kept confidential, thereby the vendor provides the user with the library whose functional capabilities are limited with high security.
- the limitations on functional capabilities are set based on the verification of a password having predetermined bits, there is a case where a malicious user tries all conceivable predetermined bits and releases the limitation on functional capabilities.
- the authentication register to which the password needs to be set is arbitrarily selected in advance from a magnitude of registers, and the address of the authentication register is kept confidential, so that the authentication information includes the address of authentication register for the user, in addition to the password, which makes it significantly difficult to release the limitation on functional capabilities.
- FIG. 2 is a configuration diagram of the microcomputer of the embodiment.
- a microcomputer 1 includes a memory 10 such as the ROM, a RAM 20 , a CPU 30 , an input/output circuit 34 , three sets of hardware modules 40 - 1 , 40 - 2 , and 40 - 3 , all of which are connected via an internal bus 36 .
- a bootloader 11 , software 12 , data 13 are stored in the ROM 10 .
- the software 12 and the data 13 are expanded in the RAM 20 by the bootloader 11 that is executed by the CPU 30 upon the activation of the microcomputer 1 .
- the CPU 30 includes a register group 31 and an arithmetic unit not illustrated.
- the hardware module 40 - 1 includes a register group 41 that includes a plurality of registers, and a hardware circuit 42 corresponding to the hardware module.
- Another hardware modules 40 - 2 and 40 - 3 have the configuration similar to that of the hardware module 40 - 1 .
- the hardware modules for example, include an image processing module for processing image data, a communications module for performing the processing of communication with the outside, an audio module for processing audio data, and a security module for performing the processing regarding security.
- the microcomputer realizes various functional capabilities based on the combination of the aforementioned hardware modules.
- the register groups in the hardware modules and the CPU include the plurality of registers, and an initial value is set in part of the registers at the time of hardware initialization processing.
- the authentication register to set the password is selected from the registers except the register in which the initial value is set in the hardware initialization processing. The selection is made by the vendor. As is illustrated, a password PW is set in the authentication register to be selected.
- the register group 41 in respective hardware modules 40 - 1 , 40 - 2 , and 40 - 3 includes four sets of registers. Then, the lower-order bit area of one register in the hardware module 40 - 1 and the higher-order bit area of one register in the hardware module 40 - 2 are combined, thereby constituting one authentication register. In correspondence to this, one password PW that is divided in two is set into the register areas. That is, two divided passwords PW are combined, thereby constituting one authentication password.
- it may be selected such that all the bits of the password PW are set in one authentication register, or the password PW is set in all the bits of the plurality of registers.
- FIG. 3 is a diagram illustrating the bootloader, the software, and the data of the embodiment.
- the bootloader 11 includes processing such as processing for expanding the software 12 and data 13 in the ROM 10 into the RAM 20 at the time of activation of the microcomputer, hardware initialization processing for setting the initial value data in the registers of the hardware modules, and processing for jumping to the initial address of the application after the completion of all the processing of the bootloader.
- the software 12 includes an application program 121 that is mainly developed by the user, middleware 122 , and OS 123 .
- Processing 121 a for calling a middleware initialization function is provided at the initial address of the application program 121 . Accordingly, when the processing for jumping to the initial address of the application program 121 is performed after the bootloader has completed all the processing, the middleware initialization function is called.
- the middleware 122 includes an initialization function 122 a for initializing the middleware, a middleware function group 122 b , and a driver group 122 c for executing OS. Further, in the embodiment, the middleware initialization function 122 a includes processing for verifying the password PW and releasing the limitations on functional capabilities. However, the processing of releasing the limitations on functional capabilities is not necessarily included in the middleware initialization function, but may be carried until the function group being limited the functional capabilities in the middleware is called from the application.
- the data 13 includes data 131 in the middleware and initial value data 132 of the registers in the hardware.
- the data 131 in the middleware includes the authentication information that includes the address of the authentication register and the passwords to be set in the authentication register
- the data 131 in the middleware includes authentication register addresses REG-ADDa and REG-ADDb and passwords PWa and PWb to be set in the authentication register.
- the passwords PWa and PWb which are set at the authentication register addresses REG-ADDa and REG-ADDb included in the data 131 of the middleware, are as right-answer data, which is included in the library provided by the vendor of the microcomputer, along with the middleware 122 . Then, when the middleware initialization function 122 a performs the processing of releasing the limitations on functional capabilities, the data 131 in the middleware is referred, it is verified whether the password in the authentication register corresponds to a password included in the data 131 .
- the hardware initial value data 132 includes user initial value data D1 and D4 that is set at the register addresses REG-ADD1 and REG-ADD4 and the passwords PWa and PWb that are set at the authentication register addresses REG-ADDa and REG-ADDb.
- the authentication register addresses REG-ADDa and REG-ADDb and the passwords PWa and PWb that are set at the authentication register addresses are requisite information to release the limitation on functional capabilities. This information, for example, is the passwords PWa and PWb with respect to two corresponding functional capabilities, and the authentication register addresses REG-ADDa and REG-ADDb at which the passwords PWa and PWb are initialized. Accordingly, when the vendor desires to limit the functional capabilities, the vendor does not provide the user with the authentication information. When the vendor does not limit the functional capabilities, the vendor provides the user with the authentication information.
- FIG. 4 is a diagram illustrating the example of the configuration of the application program 121 of the embodiment.
- a command 121 a to call the middleware initialization function is provided at the initial address of the application 121 .
- the application 121 includes a single or plural applications APL.
- the application APL1 includes commands 121 b to call a function A and a function B in the middleware.
- the application APL2 includes commands 121 c to call a function C and a function D.
- the command 121 a to call the middleware initialization function that each application calls is provided at the initial address of the application 121 .
- FIG. 5 is a diagram illustrating the example of the configuration of the middleware of the embodiment.
- the middleware 122 includes the middleware initialization function 122 a , the middleware function group 122 b that is called by the application 121 , and the driver group, not illustrated in FIG. 5 , to call the OS functional capabilities.
- the middleware initialization function 122 a includes processing 122 a - 1 , wherein the stored area of internal variables of the middleware such as the data 131 in the middleware is obtained in the RAM 20 , and the initial values of the internal variables are stored in the stored are of the RAM 20 , and processing 122 a - 2 of releasing the limitations on functional capabilities.
- the application 121 calls the middleware function corresponding to the predetermined functional capability and executes the middleware function. Accordingly, partial or entire limitation on the functional capabilities is achieved merely by putting the functions to be limited into a non-executable state. Also, the processing of releasing the limitations on functional capabilities is achieved merely by putting the functions to be limited into an executable state. A specific method will be described later.
- the function A ( 122 b (A)) includes permission flag check processing 122 b - 1 in which it is determined whether the function is executable, and function-A processing 122 b - 2 .
- the function B ( 122 b (B)) is similar to the function A ( 122 b (A)). That is, the functions A and B are exemplified as a function for which the functional capabilities are limited and released.
- a function E 122 b (E)
- the function E is exemplified as a function for which the functional capabilities are unable to be limited.
- the processing 122 a - 2 of releasing the limitations on functional capabilities for example, it is determined whether the password PW set in the authentication register corresponds to a right-answer password PW included in the data 131 in the middleware.
- the permission flag of the function is put into a permitted state (ON).
- the processing 122 a - 2 of releasing the limitations on functional capabilities includes both the processing of limiting functional capabilities and the processing of releasing the limitations on functional capabilities.
- the functions A and B include the permission flag check processing 122 b - 1 prior to the processing 122 b - 2 of the functions A and B. Accordingly, when the functions A and B are called by the application, according to the permission flag check processing, it is determined whether or not the execution of the function is permitted by the processing 122 a - 2 of releasing the limitations on functional capabilities in the middleware initialization function 122 a . In the case of the non-permitted state (permission flag is OFF), an error is returned, thereby making the function non-executable. In contrast, in the case of the permitted state (permission flag is ON), the function is executed.
- FIG. 6 is a flowchart illustrating the part of the processing of a user system.
- the user system means a microcomputer in which an application that is being developed or has been developed by the user and an initial value data corresponding to the application are stored in the ROM. Accordingly, the user system includes both the microcomputer at the evaluation stage and the mass-produced microcomputer.
- the CPU 30 executes the bootloader 11 (S 11 ).
- the bootloader 11 performs (1) the processing in which the software 12 and the data 13 in the ROM 10 are copied or expanded in the RAM 20 , (2) the hardware initialization processing for setting the hardware initial value data 132 in the data 13 in the register at the corresponding address, and (3) the processing of jumping to the initial address of the application.
- FIG. 7 is a flowchart illustrating the processing performed by the bootloader 11 .
- the CPU 30 executes the bootloader 11 , thereby expanding the software 12 and the data 13 in the ROM 10 , in the RAM 20 (S 21 ). In this case, it may be such that the software 12 and the data 13 in the ROM 10 are not expanded in the RAM 20 .
- the bootloader 11 performs the hardware initialization processing (S 22 ). In the hardware initialization processing, in accordance with the hardware initial value data 132 illustrated in FIG.
- the user initial values D1 and D4 are set at the register addresses REG-ADD1 and REG-ADD4 and the passwords PWa and PWb are respectively set at the authentication register addresses REG-ADDa and REG-ADDb.
- the passwords and the authentication register addresses are not included in the hardware initial value data 132 , the setting for the passwords in the authentication register is not carried out in the hardware initialization processing.
- the data 131 of the aforementioned middleware includes the authentication register addresses and the right-answer passwords with respect to all the functions for which the functional capabilities are able to be limited, and the vendor provides all the users with the entire authentication information as part of the library.
- the information to be provided is executable binary data (machine language), so that it is significantly difficult for the users to recognize the authentication register addresses and the right-answer passwords in the library.
- the vendor provides the user, who are permitted to release the limitations on functional capabilities, with the right-answer passwords and the address of the authentication register addresses regarding the right-answer passwords corresponding to the functions targeted for the release of the limitation, besides the aforementioned library.
- passwords and the authentication register addresses regarding the passwords corresponding to the functions, of which the functional capabilities are not limited are provided for the user by the vendor.
- passwords and the authentication register addresses regarding the passwords corresponding to the functions, of which the functional capabilities are limited are provided for the user by the vendor. Accordingly, the user is able to include the authentication register addresses and the passwords in the hardware initial value data.
- the corresponding function of the middleware is put into an executable state.
- the bootloader 11 performs the processing of jumping to the initial address of the application 121 (S 23 ).
- the command to call the middleware initialization function is provided at the initial address of the application 121 , so that the middleware initialization function is executed by the CPU 30 .
- the application 121 is normally a program that is being developed or has been developed by the user.
- FIGS. 8A and 8B are diagrams illustrating the hardware register group and the hardware initialization processing.
- FIG. 8A illustrates the example of the register address REG-ADD of the hardware register group and the data DATA stored at the register address.
- This example illustrates seven sets of registers whose register addresses REG-ADD are respectively represented as ADD1 to ADD3 and ADDa to ADDd, wherein the number of bits of each register, for example, is 32 bits.
- the area of the entire 32 bits of the registers whose register addresses are ADD1 to ADD3 is an initial value setting area in which the initial value made up of 32 bits is set in the hardware initialization processing.
- the area of higher-order 16 bits of the registers whose register addresses are ADDa and ADDc is an initial value setting area in which the initial value made up of 16 bits is set, and the initial value is not set in the area of lower-order 16 bits of the registers, or at least, arbitrary data may be stored until the execution of the middleware initialization function is completed.
- the initial value is not set in the area of the entire 32 bits of the registers whose register addresses are ADDb and ADDd, or at least, arbitrary data may be stored until the execution of the middleware initialization function is completed.
- the partial area of the register addresses ADDa and ADDc and the entire area of the register addresses ADDb and ADDd are a sort of redundant register, in which an arbitrary data may be stored until the completion of the middleware initialization function. Accordingly, in the embodiment, the vendor arbitrary selects an area of these redundant registers as an authentication register. Then, when the authentication register addresses and the passwords are included in the hardware initial value data 132 , the passwords PW are set in the authentication register as an initial value, along with other normal registers, in the course of the hardware initialization processing at the time of activation of the microcomputer.
- FIG. 8B illustrates a state where user initial values in the hardware initial value data 132 (for example, data D1 and D4 in FIG. 3 ) and the passwords PW (for example, passwords PWa and PWb in FIG. 3 ) are set in the corresponding registers of the register address REG-ADD.
- the passwords Pwa, PWb corresponding to the function A are divided in two (PWa and PWb) and respectively set to the lower-order 16 bits of the register of the address ADDa and the higher-order 16 bits of the register of the address ADDb, which are two areas selected from the redundant registers represented as “arbitrary” in the data area of the registers in FIG. 8B .
- the area of the authentication register may be made up of the entire bit area in one register in which the initial value is not set. In this case, one password is set in the entire bit area in the one register. Further, the area of the authentication register may be made up of part of bit area, where the initial value is not set, in one register. In this case, one password to be set is divided into the bit areas of the plurality of registers.
- the vendor selects the register area arbitrarily selected from the redundant registers and the redundant register areas as the authentication register.
- the authentication information is provided for only the user who is permitted to release the limitations on functional capabilities, the user allows the hardware initial value data to include the authentication information (authentication register addresses and authentication data (passwords)).
- the passwords are set in the authentication register through the hardware initialization processing performed by the bootloader at the time of activation of the microcomputer.
- the middleware initialization function is called, whereby the CPU executes the middleware initialization processing as follows.
- the processing returns to FIG. 6 , and the middleware initialization function, which is allocated to the initial address of the application which is jumped from the bootloader, is called and executed by the CPU (S 12 ).
- the middleware initialization function 122 a is executed by the CPU, (1) whereby the areas of the internal variables such as the data 131 in the middleware are secured in the RAM 20 and, when there exists the initial value of the internal variable, the initial value is set in the area of the RAM 20 , (2) and further, the processing of releasing the limitations on functional capabilities is performed.
- FIG. 9 is a flowchart of the processing of releasing the limitations on functional capabilities in the embodiment.
- the processing of releasing the limitations on functional capabilities is executed by the CPU, whereby performing the authentication processing for all the functions for which the functional capabilities is able to be limited.
- a non-executable state (OFF) is set for all the functions, for which the functional capabilities is able to be limited, as a default value.
- the processing of releasing the limitations on functional capabilities is executed by the CPU, first, whereby referring to the authentication register addresses REG-ADDa and REG-ADDb and the right-answer passwords PWa and PWb of the data 131 in the middleware in the data 13 in the ROM or the RAM (S 31 ).
- the passwords PWa and PWb at the authentication register addresses REG-ADDa and REG-ADDb are read out (S 32 ). That is, in the processing of releasing the limitations on functional capabilities, the passwords set in the authentication register in the hardware are read out based on the authentication register address, which the vendor selects in advance, in the data 131 in the middleware. Then, in the processing of releasing the limitations on functional capabilities, the passwords corresponding to respective authentication register addresses are compared, thereby performing the authentication processing for the passwords (S 34 ).
- the processing of releasing the limitations on functional capabilities is executed by the CPU, thereby the aforementioned authentication processing is repeated until the authentication processing is completed to all the functions for which the functional capabilities can be limited (S 36 ).
- the function is put into an executable state (the functional capability limitation release flag is turned on).
- the functional capability limitation release flag is turned off. That is, the microcomputer of the user to which the authentication information is provided is able to execute the functions corresponding to the provided authentication information and utilize the functional capabilities corresponding the executed functions.
- the vendor limits the functional capabilities of arbitrary functions for the user by not providing the authentication information of the functions and releases the limitation on the functional capabilities of arbitrary functions for the user merely by providing the authentication information of the functions.
- the authentication information includes the authentication register address, in addition to the passwords, thereby maintaining higher security.
- the function whose functional capability is able to be limited is executed, when the correct password is set in the authentication register in the hardware initialization processing.
- the password of the function is not set in the authentication register, that is, when the data in the authentication register is not a correct password, the execution of the function is refused.
- FIG. 10 is a diagram to describe the evaluation environment of the microcomputer according to the embodiment.
- the microcomputer 1 to be evaluated includes the ROM 10 , the RAM 20 , the CPU 30 , the I/O 34 , the hardware modules 40 - 1 , 40 - 2 , and 40 - 3 as the microcomputer for mass production, and further includes an interface circuit, which is not illustrated, connected with the in-circuit emulator ICE.
- the microcomputer 1 to be evaluated is connected with the personal computer PC via the in-circuit emulator ICE, thereby establishing communications with the personal computer.
- the CPU 30 executes the bootloader 11 from the personal computer PC via the in-circuit emulator ICE, and the application 121 , the middleware 122 , the OS 123 , the data 131 in the middleware, and the hardware initial value data 132 are expanded, for example, in the RAM 20 in the microcomputer 1 from the personal computer PC via the in-circuit emulator ICE.
- the bootloader 11 may expand part of the programs such as the application 121 , the middleware 122 , the OS 123 , the data 131 , and the hardware initial value data 132 from the ROM 10 . That is, the bootloader 11 is developed by the user, and the bootloader is executed, thereby expanding the programs or the data in the RAM 20 in the microcomputer 1 , as the user desires.
- the vendor provides the user with the library that includes the middleware 122 and the corresponding data 131 , the authentication information PWc and PWd on the functions for which the functional capabilities are not limited, and appropriately the OS 123 . Therefore, the user allows to include the authentication register address and the password in the hardware initial value data 132 based on the provided authentication information PWc and PWd.
- the vendor does not provide the user with the authentication information PWa and PWb on the functions for which the functional capabilities are limited. As a result, the user is unable to allow to include the authentication register address and the password in the hardware initial value data 132 based on the authentication information PWa and PWb. Accordingly, in FIG. 10 , the authentication information PWa and PWb is not included in the hardware initial value data 132 , as illustrated in a dashed line.
- the authentication information PWa and PWb includes the authentication register addresses, in addition to the password, which is the authentication data.
- the user for whom the authentication information is not provided is unable to find the authentication register which is arbitrarily selected by the vendor from the magnitude of registers, and it is significantly difficult for the user to release the limitations on functional capabilities.
- FIG. 11 is a diagram to describe the mass-produced chips of the microcomputer of the embodiment.
- the microcomputer 1 for mass production includes the ROM 10 , the RAM 20 , the CPU 30 , the I/O 34 , the hardware modules 40 - 1 , 40 - 2 , and 40 - 3 .
- the vendor provides the user, who concludes the licensing agreements, with the authentication information PWa and PWb on the functions for which the functional capabilities have been limited at the evaluation stage.
- the user allows to include the authentication information PWa and PWb in the hardware initial value data 132 based on the provided authentication information (authentication address and authentication data (password)).
- the user stores the OS, the application 121 that has been developed, the bootloader 11 , and the hardware initial value data 132 inclusive of the authentication information PWa and PWb which is newly provided, in the ROM 10 in the mass-produced chips of the microcomputer 1 , in addition to the middleware 122 and the corresponding data 131 which have already been provided by the vendor at the evaluation stage.
- the mass-produced microcomputer 1 is able to execute the function for which the limitations on a functional capability are released, thereby using the corresponding functional capability.
- the vendor provides the user with the library that includes the middleware and the corresponding data and does not provide the user with the authentication information on the functions to be limited. Accordingly, the user evaluates the microcomputer and the library in a state where part of the functional capabilities are limited. Then, the authentication information to release the limitations on functional capabilities is provided for the user who concludes the licensing agreements. Consequently, the limitations on functional capabilities are released for the user. Moreover, the authentication information includes not only the passwords for releasing the limitations on functional capabilities but also the authentication register address at which the passwords are set, so that it is significantly difficult for users to release the limitations on functional capabilities, whereby maintaining high security.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Stored Programmes (AREA)
- Microcomputers (AREA)
- Storage Device Security (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2012-277002 | 2012-12-19 | ||
JP2012277002A JP6079208B2 (ja) | 2012-12-19 | 2012-12-19 | マイクロコンピュータ,そのミドルウエア及びマイクロコンピュータの動作方法 |
Publications (2)
Publication Number | Publication Date |
---|---|
US20140173718A1 US20140173718A1 (en) | 2014-06-19 |
US9218478B2 true US9218478B2 (en) | 2015-12-22 |
Family
ID=50932622
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/097,441 Expired - Fee Related US9218478B2 (en) | 2012-12-19 | 2013-12-05 | Microcomputer, middleware, and operating method for the same |
Country Status (3)
Country | Link |
---|---|
US (1) | US9218478B2 (zh) |
JP (1) | JP6079208B2 (zh) |
CN (1) | CN103886268A (zh) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2018160029A (ja) * | 2017-03-22 | 2018-10-11 | 株式会社東芝 | 半導体集積回路 |
JP7226831B2 (ja) * | 2018-08-02 | 2023-02-21 | Necソリューションイノベータ株式会社 | ライセンス管理装置、プログラム実行装置及び方法、並びにアプリケーションプログラム |
US11394702B2 (en) | 2019-09-23 | 2022-07-19 | T-Mobile Usa, Inc. | Authentication system when authentication is not functioning |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6188995B1 (en) * | 1997-07-28 | 2001-02-13 | Apple Computer, Inc. | Method and apparatus for enforcing software licenses |
US6571335B1 (en) * | 1999-04-01 | 2003-05-27 | Intel Corporation | System and method for authentication of off-chip processor firmware code |
JP2004164491A (ja) | 2002-11-15 | 2004-06-10 | Matsushita Electric Ind Co Ltd | プログラム更新方法およびサーバ |
US20050005131A1 (en) * | 2003-06-20 | 2005-01-06 | Renesas Technology Corp. | Memory card |
US20070112446A1 (en) * | 2005-11-14 | 2007-05-17 | General Electric Company | Systems and methods for capturing data within an intelligent electronic device |
US20080083016A1 (en) * | 2006-09-29 | 2008-04-03 | Brother Kogyo Kabushiki Kaisha | Information processing apparatus and information processing program |
US20100077473A1 (en) * | 2008-09-22 | 2010-03-25 | Ntt Docomo, Inc. | Api checking device and state monitor |
US20120159617A1 (en) * | 2010-12-17 | 2012-06-21 | Sony Ericsson Mobile Communications Ab | Headset, method for controlling usage of headset, and terminal |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004104539A (ja) * | 2002-09-11 | 2004-04-02 | Renesas Technology Corp | メモリカード |
JP5457363B2 (ja) * | 2008-10-10 | 2014-04-02 | パナソニック株式会社 | 情報処理装置、認証システム、認証装置、情報処理方法、情報処理プログラム、記録媒体及び集積回路 |
JP5222742B2 (ja) * | 2009-01-14 | 2013-06-26 | 株式会社日立製作所 | デジタル放送受信装置及びデジタル放送受信装置における受信設定方法 |
-
2012
- 2012-12-19 JP JP2012277002A patent/JP6079208B2/ja not_active Expired - Fee Related
-
2013
- 2013-12-05 US US14/097,441 patent/US9218478B2/en not_active Expired - Fee Related
- 2013-12-19 CN CN201310706075.7A patent/CN103886268A/zh active Pending
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6188995B1 (en) * | 1997-07-28 | 2001-02-13 | Apple Computer, Inc. | Method and apparatus for enforcing software licenses |
US6571335B1 (en) * | 1999-04-01 | 2003-05-27 | Intel Corporation | System and method for authentication of off-chip processor firmware code |
JP2004164491A (ja) | 2002-11-15 | 2004-06-10 | Matsushita Electric Ind Co Ltd | プログラム更新方法およびサーバ |
US20070217614A1 (en) | 2002-11-15 | 2007-09-20 | Matsushita Electric Industrial Co., Ltd | Program update method and server |
US20050005131A1 (en) * | 2003-06-20 | 2005-01-06 | Renesas Technology Corp. | Memory card |
US20070112446A1 (en) * | 2005-11-14 | 2007-05-17 | General Electric Company | Systems and methods for capturing data within an intelligent electronic device |
US20080083016A1 (en) * | 2006-09-29 | 2008-04-03 | Brother Kogyo Kabushiki Kaisha | Information processing apparatus and information processing program |
US20100077473A1 (en) * | 2008-09-22 | 2010-03-25 | Ntt Docomo, Inc. | Api checking device and state monitor |
US20120159617A1 (en) * | 2010-12-17 | 2012-06-21 | Sony Ericsson Mobile Communications Ab | Headset, method for controlling usage of headset, and terminal |
Also Published As
Publication number | Publication date |
---|---|
JP2014120118A (ja) | 2014-06-30 |
JP6079208B2 (ja) | 2017-02-15 |
CN103886268A (zh) | 2014-06-25 |
US20140173718A1 (en) | 2014-06-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109542518B (zh) | 芯片和启动芯片的方法 | |
JP6433198B2 (ja) | 安全なブートromパッチのためのシステム及び方法 | |
US8954804B2 (en) | Secure boot circuit and method | |
US9525555B2 (en) | Partitioning access to system resources | |
US11281768B1 (en) | Firmware security vulnerability verification service | |
US10311236B2 (en) | Secure system memory training | |
JP5307196B2 (ja) | シリコンに一体化されたコードのシステムへの提供 | |
US9384352B2 (en) | Trusted boot and runtime operation | |
US20170147361A1 (en) | Techniques to configure multi-mode storage devices in remote provisioning environments | |
US9734311B1 (en) | Secure authentication of firmware configuration updates | |
US8959485B2 (en) | Security protection domain-based testing framework | |
US20210303691A1 (en) | Ip independent secure firmware load | |
US9218478B2 (en) | Microcomputer, middleware, and operating method for the same | |
US20220237144A1 (en) | Baseboard management controller and construction method thereof | |
US20130305228A1 (en) | Reducing application startup time through algorithm validation and selection | |
JP2022502790A (ja) | 安全性に関連するデータストリームを検出する方法 | |
WO2017112104A1 (en) | Derived keys for execution environments in a boot chain | |
US11768941B2 (en) | Non-ROM based IP firmware verification downloaded by host software | |
CN111428241A (zh) | 一种多安全访问策略控制方法及计算设备 | |
US20180129828A1 (en) | Exclusive execution environment within a system-on-a-chip computing system | |
CN117313127A (zh) | 数据访问权限控制方法、装置、电子设备及存储介质 | |
US10838742B1 (en) | Multi-user hidden feature enablement in firmware | |
KR20180011866A (ko) | 메모리 암호화 제외 방법 및 장치 | |
CN113672260A (zh) | 一种处理器cpu初始化方法 | |
CN114756291B (zh) | 一种硬件自适应方法和装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: FUJITSU SEMICONDUCTOR LIMITED, JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KODAMA, YUKO;REEL/FRAME:032065/0273 Effective date: 20131113 |
|
AS | Assignment |
Owner name: SOCIONEXT INC., JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:FUJITSU SEMICONDUCTOR LIMITED;REEL/FRAME:035481/0236 Effective date: 20150302 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
FEPP | Fee payment procedure |
Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
LAPS | Lapse for failure to pay maintenance fees |
Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
STCH | Information on status: patent discontinuation |
Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
|
FP | Lapsed due to failure to pay maintenance fee |
Effective date: 20191222 |